From 499ff551218850975b91c9d166bc602421a7f69c Mon Sep 17 00:00:00 2001
From: ppcad <45867125+ppcad@users.noreply.github.com>
Date: Mon, 28 Oct 2024 10:23:56 +0100
Subject: [PATCH] 629 no support for the mysql connector python library in version 900 (#688)
* Update import for MySQL connector
* Unpin mysql-connector-python version
* Pin mysql-connector-python to >=9.1.0 for CVE-2024-21272
Co-authored-by: dtrai2 <95028228+dtrai2@users.noreply.github.com>
* Update changelog
---------
Co-authored-by: dtrai2 <95028228+dtrai2@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 logprep/processor/generic_adder/mysql_connector.py | 2 +-
 pyproject.toml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b205ff0d7..76e3be40e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
 * ensure `logprep.abc.Component.Config` is immutable and can be applied multiple times
 * remove lost callback reassign behavior from `kafka_input` connector
 * remove manual commit option from `kafka_input` connector
+* pin `mysql-connector-python` to >=9.1.0 to accommodate for CVE-2024-21272 and update `MySQLConnector` to work with the new version
 ## 13.1.2
 ### Bugfix
diff --git a/logprep/processor/generic_adder/mysql_connector.py b/logprep/processor/generic_adder/mysql_connector.py
index c212ea988..f425996a8 100644
--- a/logprep/processor/generic_adder/mysql_connector.py
+++ b/logprep/processor/generic_adder/mysql_connector.py
@@ -33,7 +33,7 @@ class MySQLConnector:
 _last_table_checksum: Optional[int]
 """Checksum of the database table that was obtained on the last update check"""
- _cursor: mysql.connector.connection.CursorBase
+ _cursor: mysql.connector.connection.MySQLCursor
 def __init__(self, sql_config: dict):
 """Initialize the MySQLConnector.
diff --git a/pyproject.toml b/pyproject.toml
index 9e7468633..09b735733 100644
--- a/pyproject.toml
+++ b/pyproject.toml
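Review bot: In the `mysql_connector.py` hunk, the new annotation `_cursor: mysql.connector.connection.MySQLCursor` still reaches the cursor class through the `connection` module rather than the module that defines it, which is apparently the same pattern that stopped working once `CursorBase` was no longer available there. A class-body annotation is evaluated when the class is created (unless the file uses `from __future__ import annotations`, which this hunk does not show), so a missing attribute fails at import time and, judging by the commit title, is what kept the project on the `<9` pin. Referencing the defining module, e.g. `_cursor: mysql.connector.cursor.MySQLCursor`, or quoting the annotation as a string, would keep a future connector refactor from blocking a security upgrade again. The file's imports and the rest of `MySQLConnector` are outside this hunk, so confirm which name is actually in scope before changing it.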
@@ -67,7 +67,7 @@ dependencies = [
 "jsonref",
 "luqum",
 "more-itertools==8.10.0",
- "mysql-connector-python<9",
+ "mysql-connector-python>=9.1.0", # CVE-2024-21272
 "numpy>=1.26.0",
 "opensearch-py",
 "prometheus_client",
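Review bot: `"mysql-connector-python>=9.1.0"` sets the floor for CVE-2024-21272 but drops the upper bound entirely, while the `<9` cap it replaces apparently existed because a major release broke `MySQLConnector`. A floor in `pyproject.toml` also only affects fresh dependency resolution, so any lockfile, constraints file or prebuilt image has to be regenerated before deployments actually move off the affected versions. I would bound the next major and make the comment say what the floor protects, e.g. `"mysql-connector-python>=9.1.0,<10",  # floor is the fix for CVE-2024-21272; do not lower`. The `dependencies` list starts and ends outside this hunk.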